Wednesday, July 15, 2009

Why the hand-wringing over TechCrunch's decision to publish 'hacked' Twitter documents?

I am genuinely baffled by the journalistic ethics debate over TechCrunch's decision to publish Twitter corporate documents that were apparently obtained through "hacking" and then forwarded to the Silicon Valley business blog.

TechCrunch appears to have played no role whatsoever in the alleged hacking. According to TechCrunch, it was simply sent 310 documents, unsolicited. It then decided to print "financial projections, product plans and notes from executive strategy meetings," as well as "the original pitch document for the Twitter TV show that hit the news in May." Why? "[M]ostly because it’s awesome." TechCrunch voluntarily refrained from publishing other information contained in the documents, including "floorplans and security passcodes to get into the Twitter offices." According to the NY Times, TechCrunch's founder Michael Arrington (a fellow OMM alum) "is working closely with Twitter as it determines which pieces of information to publish," though "[h]e is protecting the identity of his source."

Here's what I don't get: why the ethical hand-wringing here? Why was TechCrunch's decision to publish some of the hacked documents any different from what mainstream publications like the Times and Wall Street Journal do countless times every day: print information and documents leaked from employees to reporters, without company permission? Every company I've ever heard of prefers to keep its business information confidential. Often, they have formal confidentiality policies, or even require employees (and contractors) to enter into strict nondisclosure agreements. Of course business reporters know this. And yet, without giving it a second thought, they ask employees to violate their duties to their employers, and leak confidential documents and spill the beans on company secrets. And their editors don't wring their hands; they praise their reporters for their scoops.

In some ways, what typical reporters do in soliciting confidential documents is ethically worse than what TechCrunch did. Reporters typically ask sources to give them confidential documents knowing full well that the employee is breaking company policy, and possibly civil or even criminal laws (e.g., conversion or theft of trade secrets). But TechCrunch did no such thing; by its account, the hacked documents just showed up unsolicited in its inbox. And assuming that's accurate, I think TechCrunch faces no significant legal risk from publishing the material. See Bartnicki v. Vopper, 532 U.S. 514 (2001) (radio host not liable under wiretapping statutes for broadcasting illegally intercepted conversations, where he played no role in illegal interception).

The hand-wringers can't have it both ways. Either TechCrunch's decision to print was perfectly legitimate journalism -- or what business reporters do every single day is even more unethical. Am I missing some distinction?

UPDATE: Interesting legal analysis from Sam Bayard of the Citizen Media Law Project. In a nutshell:
TechCrunch is probably in the clear for publishing anything that would qualify as a "matter of public concern" under Bartnicki and friends....To be sure, the category of "public concern" does not include everything the public might be interested in. Still, the courts are rightly hesitant to decide for themselves what is newsworthy and what is not, so they tend to err on the side of liberality. In the current scenario, it is fair to say that a good deal of information about Twitter as a company is fair game given its immense popularity and newfound cultural significance. TechCrunch has done a good job sticking to this category so far, although maybe information about a TV show Arrington himself deems "a big loser" might be a borderline case.


I'm not sure how the First Amendment would impact a possible prosecution for receipt of stolen property because it is receipt of stolen material, not publication, which is criminalized. But it seems unlikely that First Amendment concerns wouldn't also limit criminal liability in this context.


  1. I suspect the distinction is the same old idiom that is being pushed all the time. Techcrunch is a "virtual" media organisation, whereas those other ones - NY times, WSJ, Fox, are "real" media organisations that "can do no wrong" ie: The 4th estate.

    Hypocritical? Why certainly.. Strange and unusual that they think like this? Why it would be strange and unusual if they didn't.

    Getting into an ethical debate in that they are being unethical themselves with old media that is virtually a duopoly in most places in the world is to put it bluntly.. like masturbating with a cheese grater. An amusing concept but ultimately futile and extremely painful.

    Techcrunch IMHO have been very upfront about the whole situation, have worked with Twitter to an extent, are concerned about personal damage occurring to innocent people (unlike "real" media and their grab for ratings etc.), and are Only placing into the public forum what is newsworthy and of interest to everyone.

    Maybe the next student journalists should be given this case study in Ethics 101 from now on.

  2. I agree a blog shouldn't be treated much differently than a newspaper here. But I think it's a slightly different situation from the insider leak hypo. This was (if I understand correctly) an outsider who broke in. I would hope that it would cause some hand-wringing if a thief busted into Twitter's physical offices, stole a hard drive, and turned *that* over to the New York Times. It seems less like whistleblowing and more like rewarding the crime.

  3. @Bruce Boyden:

    Sure, but my point is: why is your hard drive example any different from a reporter (either explicitly or implicitly) urging an employee to reveal company secrets, in violation of a company policy, or civil or criminal law, and then printing the results? Reporters at major papers do that every day -- and are rewarded for it.

    In fact, I could make the case that what reporters typically do is *worse* than what TechCrunch did, because TechCrunch had no involvement in the hacking itself; the documents simply landed in its lap.

  4. There's a probabilistic distinction, I think. The reporter appeals to an insider typically to blow the whistle, for the greater good. Also, I think it would be an unusual case where doing so would involve violating criminal law, except maybe for classified secrets, but that would involve the press's typical government watchdog function.

    But here the person obtaining the information was outside the company, and as likely motivated by a desire for (pseudonymic) fame and notoriety, or possibly even monetary gain, as any sort of whistleblowing function. (How would the outsider have any idea whether a whistle needed to be blown?) And obtaining the secrets necessarily involves violating a criminal statute (breaking and entering, or CFAA), not just sometimes or in some situations. I think publishing the information in the latter case is rewarding behavior that perhaps should not be rewarded. That's not to say it's never justified, but the cases seem distinguishable.

  5. Ben ponders the difference between reports soliciting (confidential) information from employees vs publication of purloined documents. "Am I missing some distinction?"

    The difference is plainly obvious. An employee breaching a contractual obligation regarding IP to a reporter is potentially liable. The employer (likely) acted in good faith, while the employee is clearly not.

    In this situation, an external party stole (copied) company IP. Twitter clearly stated they "did not give permission for these documents to be shared." So one external party is taking company IP without authorization and another party is monetizing the IP without authorization AND against the stated wishes of its owner.

    Not even close, it is night and day, materially different.

  6. @Anonymous 9:50:

    But in both cases, the company's proprietary information or documents were taken from the company against the company's will. The only difference is whether the info/docs were taken by an employee (acting against the interests of the company, and possibly civil or criminal law), or by an outsider before being given to the reporter. But you haven't explained why that difference should matter in evaluating whether the news org. should print the material.

    It seems to me the real issue isn't how the news org. obtained the info, but whether it is newsworthy. For example, assume these weren't business plans from Twitter, but instead were docs from a meatpacker revealing the presence of deadly bacteria in its meat -- info that the company planned to keep secret. I think just about everyone would agree that a news org. should publish the info -- whether the docs were passed along from leaker to reporter, or forwarded by email to the reporter by a hacker who broke into the meatpacker's email system.

  7. I think you may want to re-examine the assertion that an employee is breaking the law when he discloses confidential company information that he rightfully possesses. The employee is certainly violating a contract, and may be subject to civil penalties - but in the typical set of circumstances, it would be very unusual for any criminal case to be pressed against such an employee.

    A person making unauthorized entry into company systems is breaking the law, under pretty much any set of circumstances. In the minds of many, any person who benefits from that lawbreaking is enjoying ill-gotten gains.

  8. The point is being discussed here in the a lot at the moment after the latest News of the World phone hacking scandal. As Bruce points out, a journalist attempting to find out information you believe a company/individual is hiding which reveals facts/hypocrisy which should be revealed for the public good is very different from illegally fishing through data to see what dirt you can find. You need to have a hypothesis you're trying to prove /before/ you start fishing.

    And contrary to post #1, old media (and new media) get passed a lot of confidential documents which they don't publish until they're deemed to be in the public interest - and that can be years after first receipt.

    Publishing the information 'Because it's awesome' is a terrible reason for breaching confidentially. It's not unusual - but it's a sham to pretend it's any more serious journalism than, say 'The Smoking Gun'.

  9. @Anonymous 11:20:

    I agree that it's extremely rare for an employee to be charged criminally for leaking confidential documents or info to a reporter. But in many cases an employee who did so would indeed be in violation of some criminal law (e.g., theft of trade secrets), whether or not he was actually prosecuted.

    @Anonymous 4:23:

    You make the same point I did at 9:59: what's most relevant is whether the info is newsworthy, not how it was obtained (assuming of course that the reporter played no role in the illegality). And BTW, I think The Smoking Gun, while they do some frivolous stuff, also does some great journalism.

  10. @Ben, so what specific elements that have been made public do you consider newsworthy? There wasn't conspiracy, fraud, government waste, environment risk, or human life in danger.

    Putting aside the media's financial self-interest and profiteering from publishing the documents, don't you feel any moral hazard from incenting theft? From inflicting further damage on the victim?

  11. @Anonymous 7:03:

    I think it's beyond question that Twitter is an important new technological, social, and business development. There has been endless press attention to Twitter, one aspect of which has attempted to answer the question: "Yeah, but how are they going to make money?" Many of the documents TechCrunch has written about shed light on that topic.

    I disagree with your definition of "newsworthy," as it appears to be limited to things like "conspiracy, fraud, government waste, environment risk, or human life in danger." Many things are newsworthy simply because they tell us interesting and important things going on in the world, even if they have nothing to do with exposing wrongdoing.

    I agree that, at some level, printing leaked or hacked info or docs does "incent" such activity. And I don't know anyone who, as a general matter, says that people should break company policy or the law. But I also think that having a free and aggressive press is important, and that prohibiting publication of unlawfully obtained info (assuming that the reporter played no role in the illegality) would be a very dangerous development.

  12. twitter is a private company, and there is no smoking gun that would make this a matter of public service. this is only in techcrunch's service (as evidenced in how arrington shamelessly spammed /w tweets as the news 'unfolded'). i think something *must* be unethical to publish if there is no public service, otherwise we end up with a society full of tards looking to hack private stuff and publish it for self-promotion. this is totally bat-shit-crazy and i'm amazed that more people aren't outraged. techcrunch needs to lose big over this or we all will.

  13. @Anonymous 2:38:

    It's an extremely cramped view of journalism to think that news orgs. should only print "smoking gun[s]." Twitter is a major new social/technological/business phenomenon. There is intense interest in the issue: how will it make money? Indeed, how *any* Internet company will make money is a topic of major public interest.

    The hacker himself should be prosecuted. But in a country with a First Amendment, we should not be targeting journalists who print accurate and newsworthy information (as long as they are not involved in the illegality themselves).


Comments here are moderated. I appreciate substantive comments, whether or not they agree with what I've written. Stay on topic, and be civil. Comments that contain name-calling, personal attacks, or the like will be rejected. If you want to rant about how evil the RIAA and MPAA are, and how entertainment companies' employees and attorneys are bad people, there are plenty of other places for you to go.